An access-permitting system wherein all variable information relating to the authorization of the card within the access-permitting system, such as, for instance, with regard to the entrance(s) for which the card is valid and with regard to the point of time at or the period in which the card is valid, is provided on the card. Each time again, this information is rendered valid for a limited period of time, by means of a special card reader/writer which, unlike the other card readers belonging to the system, is connected to a central processing unit. Also, at the same moment, all information about access already permitted can be transferred from the card wherein this information is stored to the central processing unit. An access-permitting system according to the invention requires hardly any costly connections between the central processing unit and the decentral systems.






EP 0 618 550 A1 






The invention relates to an access-permitting system for permitting access to for instance buildings, spaces, installations, vehicles, services and/or computer systems, comprising at least one access card whereon or wherein information can be written and at least one access card reader with which information can be read from a card, which information is further processed by the system to determine whether a card can be permitted access. In such systems, known per se, cards are used, for instance in the form of magnetic cards, so-called smart cards having contacts according to the standard ISO-7816, contactless chipcards according to the standard ISO-10536, or programmable cards according to European patent number 0242306 in applicant's name, to permit access to a building, a space or, for instance, to the use of equipment. In these access-permitting systems, two main groups can be distinguished.

In the first group, the identification code or the card number of the card presented is transmitted from a card reader, arranged for instance at an entrance such as a door of a space or building, or a terminal of a computer system, to a central processing unit, whereupon it is centrally determined whether the relevant card number has access at the location where the relevant card is presented. If this is the case, a signal is subsequently transmitted from the central processing unit to the relevant entrance, for instance to open the door or to permit the terminal access to the computer system. Hence, the proper operation of these access-permitting systems depends on the lines of communication between on the one hand the different entrances and/or access card readers and on the other hand the central processing unit. The proper operation of the access-permitting system also depends on the speed at which communication takes place along these lines of communication.

In the second group of access-permitting systems, a processing unit is centrally arranged as well, also connected, via lines of communication, to card readers decentrally arranged at the entrances, the access information being present per card number in these decentrally arranged processing units. The advantage of this second group of systems is that for permitting access no communication need take place between the central processing unit and the decentral card reader, so that these systems react much more quickly and, in the event of failures, break down less quickly and not all at the same time. Consequently, a card reader may release an entrance itself after having read a card.

In the case of changes in the card file, or if the authorization of a particular card number changes, the central processing unit transmits this information via the lines of communication to all systems connected. If access is permitted by the card readers, a message hereabout is transmitted to the central processing unit. These messages need not be transmitted immediately, but may also be transmitted later, within particular limits.

Both above-mentioned groups of access-permitting systems have the drawback that a considerable infrastructure of lines of communication is necessary for transmitting messages from the central processing unit to the decentral card readers.

The object of the present invention is to provide a solution to this, wherein the above-mentioned costly lines of communication between the central and the decentral systems are required to a much lesser degree, if at all.

According to the invention, the access-permitting system is characterized in that the card comprises all relevant information relating to the access authorization of the card within the access-permitting system, so that, after reading the card, it can be determined without supplementary information whether the card can be permitted access.

The invention is based on the fact that the authorization code(s) are taken along decentrally, via the programmable access cards belonging to the system, to the different entrances in the system. Hence, in the system according to the invention, the information whether a particular card has access at a particular entrance at a particular time is contained in the card itself and need not be transmitted, via lines of communication, from a central processing unit to the decentrally arranged access card reader.

A possible drawback of such system is that in the event of loss or theft of the card, no message can be given from a central processing unit to the decentral systems in order to block the entrance for the card in question. Consequently, this would have to be reported to all individual entrances belonging to the system, for instance via a special card through which this information is conveyed to the decentral systems.

A solution to the above-mentioned problem is the introduction of a time lock or time window, of for instance one day, within which the cards are valid. In that case, the procedure can be as described below.

Each day, through a change of the information on or in the card, each card should once again be provided with all authorizations with regard to the entrances in the system, valid for that day and for that particular card. Hence, this may only take place on a system that is connected to the central processing unit. Consequently, in this manner, cards that are lost or stolen, whose authorization with regard to the entrances should be adapted in the central processing unit, are valid for one day at the most.

Another possible problem to the solution according to the invention is that due to the lack of lines of communication, the information with regard to the movements of cards within the system cannot be reported to the central processing unit and hence to the system administrator. To solve this problem, it is possible to store on or in a particular card the movements of that card as well, in addition to the authorizations of that card.

At the same time when the authorizations for a next time period are read in, the information with regard to the movements of the card within the system for the past period of time can be passed on to the central processing unit. In this manner, this information does become available in the central processing unit and hence to the system administrator, although slightly shifted in time.

The above involves that, in accordance with an advantageous embodiment of the system according to the invention, the access card reader, after reading the relevant information from the card, determines on the basis of this information whether or not access can be permitted. As a result, the system is quick and insusceptible to failures. More in particular, the relevant information of the card comprises at least one point of time or at least one period for which the access authorization of the card is valid. This may further improve the security and fraud insusceptibility of the system, because when the authorization period has ended, authorization should consciously be granted to a card holder once again. According to a very advantageous embodiment of the invention, the access authorization of the card should be rendered valid again for each new authorization period, while after the new authorization period has ended, the access authorization expires again. Consequently, the holder of the card should not be given a new card, while, however, a non-obvious positive decision is required for extending the authorization by a new period.

In particular, the system further comprises a central processing unit having a card reader/writer connected thereto, while the card can be rendered valid for a new authorization period by the central processing unit via this card reader/writer. Hence, a holder of a card wishing to extend his authorization for a new period should turn to this card reader/writer.

According to a very advantageous embodiment, the system further comprises a central processing unit to which at least one access card reader is connected, wherein, via this access card reader, the card can be rendered valid for a new authorization period by the central processing unit. This embodiment has as an advantage that an authorization for a new period can be granted to the holder of a card at an access card reader, i.e. at the moment when the holder tries to gain access with his card. In this case, it is not necessary to go to a card reader/writer especially arranged for this purpose. For instance, if it is decided before the expiration of an authorization of a card that after the expiration of the authorization the holder of the card should be given a new authorization for a new period, this can be input to the central processing unit by a system administrator, while it can also be input for which access card readers the authorization should be rendered valid. The central processing unit passes this information on to the access card readers for which the card holder presently has an authorization and/or to the access card readers for which the card holder is given an authorization for a new period. As soon as the card holder in question presents himself to one of these access card readers by giving his card to the relevant access card reader, the new authorization can be written on the card. Hence, these access card readers can also write information to a card.

To the two above-described embodiments with the authorization extension, it applies that each time, the central processing unit extends the authorization automatically, unless a system administrator blocks the automatic extension. However, it is also possible that a system administrator should each time indicate via the central processing unit whether an authorization of a card should be extended. This may for instance be entered at the central processing unit for all issued cards at the same time.

The system is in particular characterized in that the central processing unit each time extends the authorization by a new period for an indefinite time. However, it is also possible that the central processing unit each time extends the authorization period by a new period for a predetermined length of time. The length of time can for instance be 1 year, so that for this period a system administrator need not perform any direct operations. On the other hand, the automatic extension for 1 year provides an additional security of the system against errors being made, such as, for instance, the omission of inputting into the central processing unit that an employee has resigned, so that his card must no longer be automatically extended. After all, after one year the automatic extension of the authorization by, for instance, an authorization period of one day, expires.

According to a very advantageous embodiment of the invention, at the moment when access is permitted after the card has been read by an access card reader, information about the relevant entrance, which information optionally includes the point of time at which the access was permitted, is written on or in the card, this information being read out by the central processing unit when the period of validity of the card is being extended. Hence, reading out this information may take place both at the centrally arranged card reader/writer and at an access card reader connected to the central processing unit.

According to a preferred embodiment of the invention, in the event of for instance loss or theft of a card, the authorization information of this card is blocked in the central processing unit, so that the authorization of a card cannot be rendered valid again and the card, at the end of an expiring authorization period, loses its validity. Consequently, a holder who is no longer in the possession of his card may turn to the system administrator, who will subsequently block the authorization extension in the central processing unit. Upon expiration of the authorization period, for instance, an authorization will not be automatically extended. A stolen card will then lose its validity one day (length of time of authorization period) after the theft has been reported to the system administrator.

If authorizations are not automatically extended, 
the blocking of an authorization may imply that simply 
no new authorization will be granted as described 
above. 

If after expiration of the authorization the finder of the card has the card read out by the card reader/writer or by an access card reader connected to the central processing unit, the authorization of the card will not be extended.

Preferably, the access authorization of the card is valid for at least one predetermined entrance at which an access card reader is arranged. This makes it possible to permit card holders access only to, for instance, specific spaces of a building or specific parts of a computer system. For this purpose, the system may be provided with a plurality of access card readers, the information on the card comprising an identity code of at least one access card reader for which access can be permitted to the card in question. Accordingly, an access card reader compares, among other things, whether an identity code read out from a card corresponds to its own identity code. If this proves to be the case, and, moreover, the authorization for the relevant period is valid, access may be permitted.

Preferably, the information on the card comprises an identity code of the card. This identity code can be read out by the central processing unit in one of the above-mentioned manners to decide whether the authorization of the relevant card can be extended.

The invention will presently be further explained with reference to the accompanying drawing, wherein Fig. 1 shows two possible embodiments of an access-permitting system according to the invention.

In Fig. 1, an exemplary embodiment of an access-permitting system according to the invention is provided with a reference numeral 1. The system comprises n access card readers 2.i (i=1,2,...n), n representing a natural number greater than or equal to 1. Each access card reader 2.i is connected to at least one entrance 4.k (k=1,2,...m), m being a natural number greater than or equal to 1. In this example, access card reader 2.2 is connected to two entrances 4.2, 4.3, while entrances 2.3 and 2.4 comprise a common access card reader 4.4. The other entrances each comprise an access card reader. In this example, an entrance 4.i may be a door of a building, space, installation, a vehicle and/or any other product for which access can be permitted or refused. However, an entrance may also be, for instance, a terminal of a computer, computer network and/or any other type of computer system. The system further comprises a plurality of access cards 6.j (j=1,2,...). The number of access cards is not fixed and may vary in time. In addition, the system comprises a central processing unit 8 having connected thereto a card reader/writer 10. The access cards 6.j may for instance be magnetic cards, smart cards, contactless chipcards, programmable cards or any other type of cards on which information can be stored to be subsequently read out again. Each card 6.j comprises all relevant information on the basis of which it can be determined whether the card in question has a valid authorization for gaining access to a specific entrance 4.k. In this example, the information in question comprises a code indicating for which entrances 2.i authorization has been granted and a period for which this authorization is valid. Preferably, this authorization period is equal for each entrance 4.k registered on a card. However, it is also possible that on a card for different entrances 4.k different periods are registered for which the authorization is valid. In addition, in this example, the information on the card 6.j comprises a unique card number as identification code of the card in question.

The operation of the system 1 is as follows. A card holder of card 6.j wishing to gain access to entrance 4.k goes to a corresponding access card reader 2.i, i.e. an access card reader coupled to an entrance 4.k, and inserts his card into a slot, intended for this purpose, of the access card reader 2.i. This card reader 2.i reads from the card the entrances 4.k for which the card is authorized and the corresponding period(s) for which the card is authorized. On the basis of this information, the access card reader 2.i in question is directly capable of determining whether for the entrance 4.k in question access can be permitted to the card or, rather, the holder of the card. Hence, this does not require information from the central processing units. Consequently, in this example, the central processing unit 8 is not connected to any of the access card readers 2.i. If the card has no authorization for the relevant entrance, the entrance is not released. If the period for which an authorization is valid has meanwhile expired, no access is permitted either. Obviously, for this purpose, each access card reader comprises a real-time clock. If these two conditions have indeed been met, the relevant access card reader 2.i will control the entrance 4.k in such a manner that it is released to the card holder. If a card holder presents himself to access card reader 2.2, in this example, he will have to key in, on a keyboard of this access card reader, for which of the two entrances 4.2 or 4.3 access is requested.

If an access card reader 2.i gives access to an entrance 4.k, this is registered on the relevant card by the access card reader. In this example, an identity code belonging to the relevant entrance and the point of time at which the access was given are registered on the card.

The period for which an authorization of a card is valid will each time have to be extended after expiration thereof. If no extension of the authorization period takes place, the card will lose its validity within the system 1. To extend or renew the authorization period, a card holder should turn with his card to the card reader/writer 10. The card is inserted into the card reader/writer and the central processing unit subsequently reads the identity, i.e. the unique consecutive number of the card, via the card reader/writer 10. If all proceeds normally, the central processing unit 8 will write to the card an authorization for a new period for specific entrances 4.k via the card reader/writer 10. In general, this will mean an extension of an authorization for a specific entrance. As this authorization has again only a limited period of validity, the authorization for a specific entrance should each time be extended for a new period. Such a period may for instance be 1 day, so that an optimally safe system 1 is obtained.

If so desired, extension may also take place when the old authorization has already expired, for instance because the card holder was on a holiday. In particular, for each card a system administrator may enter into the central processing unit whether an authorization can be renewed when the old authorization for a specific entrance has already expired, while it may also be indicated for which period an authorization is extended each time. This means that for instance for one year, an authorization is each time extended by one day. Of course, this can also be programmed in such a manner that an authorization is each time automatically extended by a new period for an indefinite period.

Consequently, in general, authorizations will preferably be automatically extended when a card is read out by the card reader/writer 10 without a system administrator having to give a specific command for this to the central processing unit 8. For this purpose, in this example, the system administrator has entered only once into the central processing unit 8 that the authorization of the card in question can be extended by a new period each time (for an indefinite time or for a predetermined time) when the card is read out, for instance at the expiration of an authorization period, by the central processing unit 8.

In this example, a new authorization period need not connect to an old period. If, for instance, a card holder has a four-day working week, the central processing unit can be programmed in such a manner that renewal of a period by a period of one day can only take place for Monday through Thursday, while no extension is possible for Friday.

However, when a card is lost or stolen, a system administrator may program the central processing unit 8 in such a manner that it is no longer possible to extend the authorization of a card 6.j. If the card in question is for instance inserted into a slot of the card reader/writer 10, the central processing unit 8 establishes that the card 6.j does not qualify for extension, whereupon an alarm signal may automatically be activated by the central processing unit 8. It is also possible that the card reader/writer 10 seizes the card by transporting it to a place inside the card reader/writer 10 closed from the outside.

It is also possible that an authorization period for a new entrance is written to the card, for instance because the card holder has been given a new work area within a building. This may also be entered into the central processing unit beforehand by a system administrator.

When a card is presented to the card reader/writer 10, the central processing unit will also read out the historical data concerning the entrances 4.1 and the points of time at which access was permitted to the holder of the card. In order to relieve the information capacity of a card, this information, after having been read out, may be erased from the card.

According to a particular embodiment of the invention, some or all access card readers 2.i are connected to the central processing unit 8. In Fig. 1, these connections 12 are shown in stippling. The access card readers 2.i connected to the central processing unit 8 can be used for extending an authorization by a new period as described hereinabove in relation to the card reader/writer 10.
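
The check made by a decentral access card reader and the renewal at the central processing unit, as described above, can be followed in a small Python model; it is an added example, not part of the patent text. Class and field names, the card number, the constructed date and the one-day period are assumptions for illustration, and the model reads out the stored movements at every presentation to the reader/writer, including for a blocked card.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta


@dataclass
class Card:
    card_id: str                                  # unique card number
    grants: dict = field(default_factory=dict)    # entrance code -> (valid_from, valid_until)
    history: list = field(default_factory=list)   # (entrance code, time of access)


class AccessCardReader:
    """Decentral reader: no link to the central unit, only its own real-time clock."""

    def __init__(self, entrances):
        self.entrances = set(entrances)           # entrances this reader controls

    def present(self, card, entrance, now):
        window = card.grants.get(entrance)
        if entrance not in self.entrances or window is None:
            return False                          # no authorization for this entrance
        valid_from, valid_until = window
        if not (valid_from <= now < valid_until):
            return False                          # authorization period is not running
        card.history.append((entrance, now))      # movement is registered on the card
        return True


class CentralUnit:
    """Central processing unit with its card reader/writer (hypothetical model)."""

    def __init__(self, period=timedelta(days=1)):
        self.period = period
        self.policy = {}                          # card_id -> entrances to authorize
        self.blocked = set()                      # cards reported lost or stolen
        self.movements = []                       # (card_id, entrance, time)

    def renew(self, card, now):
        # Read the stored movements out, then erase them to free card capacity.
        self.movements += [(card.card_id, e, t) for e, t in card.history]
        card.history.clear()
        if card.card_id in self.blocked or card.card_id not in self.policy:
            return False                          # old authorization is left to expire
        card.grants = {e: (now, now + self.period)
                       for e in self.policy[card.card_id]}
        return True


def scenario():
    """Constructed timeline: issue, normal use, theft report, expiry."""
    start = datetime(2024, 3, 4, 8, 0)            # constructed date, 08:00
    cpu = CentralUnit()
    cpu.policy["card-6.1"] = {"4.2", "4.3"}
    reader_1 = AccessCardReader({"4.1"})
    reader_2 = AccessCardReader({"4.2", "4.3"})   # one reader serving two entrances
    card = Card("card-6.1")

    out = {"issued": cpu.renew(card, start)}
    out["granted_entrance"] = reader_2.present(card, "4.2", start + timedelta(hours=1))
    out["other_entrance"] = reader_1.present(card, "4.1", start + timedelta(hours=1))
    cpu.blocked.add("card-6.1")                   # theft reported at 10:00
    out["same_day_after_report"] = reader_2.present(card, "4.2", start + timedelta(hours=7))
    out["next_day"] = reader_2.present(card, "4.3", start + timedelta(hours=25))
    out["renewal_after_block"] = cpu.renew(card, start + timedelta(hours=26))
    out["movements_uploaded"] = len(cpu.movements)
    out["history_left_on_card"] = len(card.history)
    return out


if __name__ == "__main__":
    for key, value in scenario().items():
        print(f"{key}: {value}")
```

In the constructed timeline the card reported stolen at 10:00 still opens entrance 4.2 at 15:00 the same day and is refused from 08:00 the next day, which is the residual exposure that the length of the authorization period bounds.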



Claims

1. An access-permitting system for permitting access to for instance buildings, spaces, installations, vehicles, services and/or computer systems, comprising at least one access card whereon or wherein information can be written and at least one access card reader with which information can be read from a card, said information being further processed by the system to determine whether a card can be permitted access, characterized in that the card comprises all relevant information relating to the access authorization of the card within the access-permitting system, so that after reading the card it can be determined, without supplementary information, whether the card can be permitted access.

2. An access-permitting system according to claim 1, characterized in that the access card reader, after reading the relevant information from the card, determines whether or not, on the basis of said information, access can be permitted.

3. An access-permitting system according to claim 1 or 2, characterized in that the relevant information of the card comprises at least one point of time or at least one period for which the access authorization of the card is valid.

4. An access-permitting system according to claim 3, characterized in that the access authorization of the card should be rendered valid again for each new authorization period, the access authorization expiring again after the new authorization period has ended.

5. An access-permitting system according to claim 4, characterized in that the system further comprises a central processing unit having a card reader/writer connected thereto, while the card can be rendered valid for a new authorization period by the central processing unit via said card reader/writer.

6. An access-permitting system according to claim 4, characterized in that the system further comprises a central processing unit having connected thereto at least one access card reader, while the card can be rendered valid for a new authorization period by the central processing unit via said access card reader.

7. An access-permitting system according to claim 5 or 6, characterized in that at the moment when access is permitted after the card has been read by an access card reader, information about the relevant entrance, said information optionally including the point of time at which the access was permitted, is written on or in the card, said information being read out by the central processing unit when the card is read out by the central processing unit for extending the period of validity of the card by a new authorization period.

8. An access-permitting system according to any one of claims 5-7, characterized in that for an indefinite time, the central processing unit each time extends the period of validity of a card by a new authorization period.

9. An access-permitting system according to any one of claims 5-7, characterized in that for a predetermined time, the central processing unit each time extends the period of validity of a card by a new authorization period.

10. An access-permitting system according to any one of claims 5-9, characterized in that for instance in the event of loss or theft of a card, the authorization information of said card is blocked in the central processing unit, so that the authorization of a card cannot be rendered valid again and the card loses its validity at the end of an expiring authorization period.

11. An access-permitting system according to any one of the preceding claims, characterized in that the access authorization of the card is valid for at least one predetermined entrance at which an access card reader is arranged.

12. An access-permitting system according to any one of the preceding claims, characterized in that the information on the card comprises an identity code of the card.

13. An access-permitting system according to any one of the preceding claims, characterized in that the system comprises a plurality of access card readers, the information on the card comprising an identity code of at least one access card reader for which access can be permitted to the relevant card.